Secure what matters. Build what lasts.
We're growing Nimber Cyber Defend and looking for a senior security leader who blends governance & regulation with real-world engineering. If you can translate risk into board decisions, stand up pragmatic controls, and guide regulated clients through NIS2/DORA/ISO 27001 without the theater, let's talk.
What you'll do
- Own the security program for a portfolio of clients (regulated sectors): strategy, policies, control framework, KPIs/KRIs, and board reporting.
- Lead NIS2/DORA readiness: gap assessments, remediation roadmap, third-party risk, operational resilience, and evidence packs.
- Build/maintain ISO/IEC 27001: SoA, risk treatment plans, internal audits, certification readiness.
- Drive privacy-by-design with Legal/Data (GDPR, DPIAs) across cloud & data products.
- Establish cloud & identity guardrails (M365/Azure/AWS, Entra/Okta): baseline hardening, vulnerability and patch governance.
- Oversee SIEM/SOAR & EDR operations (e.g. Microsoft Sentinel/Splunk; Defender/CrowdStrike).
- Run IR governance (playbooks, tabletop exercises), improve MTTD/MTTR, and measure what matters.
- Mentor a compact team; coordinate partners for red teaming, DFIR, and audits.
What you bring
- 8 years in Information Security, with 3 of them leading GRC / Security Programs (CISO, vCISO, Head of GRC, or similar).
- Track record delivering NIS2/DORA or ISO 27001 in production environments.
- One or more: CCISO, CISSP, CISM, ISO 27001 LA/LI, CCSP, AZ-500/SC-200 (or equivalent).
- Comfortable with Azure/M365 security, Entra/Okta, Sentinel/Splunk, and EDR ecosystems.
- Strong executive communication: you brief boards, align budgets, and land change.
- Fluent English; Portuguese is a plus. Based in Lisbon/Porto with client-onsite availability when needed.
Why Nimber
- Impact, not theater: boutique team, hands-on engineers, fast time-to-value.
- Greenfield & autonomy: help shape our Cyber Defend playbooks, tooling, and hiring.
- Growth & learning: budget for certs/conferences, peer coaching, and modern stacks.
- Hybrid by default (Lisbon/Porto), flexible schedule, trust-first culture.
30/60/90 you'll lead
- 30 days: baseline risk & NIS2 Quick Scan, policy gap list, KPI/KRI pack.
- 60 days: board-ready roadmap, supplier risk method, M365/Identity hardening plan.
- 90 days: controls in production (top risks remediated), SIEM monitoring live, first tabletop done.